AppSec Blog: Daily Archives: Aug 11, 2010

Seven Security (Mis)Configurations in Java web.xml Files

There are a lot of articles about configuring authentication and authorization in Java web.xml files. Instead of rehashing how to configure roles, protect web resources, and set up different types of authentication, let's look at some of the most common security misconfigurations in Java web.xml files.

1) Custom Error Pages Not Configured

By default Java …